* Spring Security 5 has changed encoding of password storage to DelegatingPasswordEncoder. To be backwards-compatible, currently returning NoOpPasswordEncoder as default. Will probably need to migrate all passwords to new encoding and use a better encoder/decoder.

* Fix unit tests.

* Flyway is now at v6, and Java callback mechanism has changed to a general handle() method.

* Fix integration tests (including simplifying TokenIntegrationTest).

* Integration tests allow bean definition overriding, as it is not enabled by default now in Spring Boot 2.x.